
Payment Card Industry Security Standards Council

From Wikipedia, the free encyclopedia

PCI Security Standards Council, LLC
Founded: 7 September 2006; 18 years ago (2006-09-07)
Headquarters: 401 Edgewater Place Suite 600
Website: pcisecuritystandards.org

The Payment Card Industry Security Standards Council (PCI SSC) was formed by American Express, Discover Financial Services, JCB International, MasterCard and Visa Inc. on September 7, 2006,[1] with the goal of managing the ongoing evolution of the Payment Card Industry Data Security Standard.

The Payment Card Industry Data Security Standard (PCI DSS) consists of twelve significant requirements including multiple sub-requirements, which contain numerous directives against which businesses may measure their own payment card security policies, procedures and guidelines.[2][3][4][5]

To address rising cybersecurity risks to the payment ecosystem, the PCI SSC currently manages 15 standards for payment security, which are variously applicable to payment card issuers, merchants and service providers, vendors and solution providers, and acquirers and processors.[6] More recently, the PCI SSC has collaborated with EMVCo to provide the security requirements, testing procedures and assessor training to support the EMV 3-D Secure v2.0 standard.[7]

Membership and participation


Members of the PCI Security Standards Council include an Executive Committee of six major payment brands: American Express, Discover Financial Services, JCB International, MasterCard, Visa Inc., and UnionPay.[8] The executives and management of the PCI SSC are supported by 30 companies comprising the Board of Advisors,[8] and other stakeholder advisory groups such as assessor companies and regional boards.

Interested parties can participate in the development of the PCI security standards through member registration as a Participating Organization.[9][10] Currently, there are more than 700 Participating Organizations from more than 60 countries.[9] These participants are organized into Special Interest Groups,[11] which are tasked with recommending revisions to and the further development of the various security standards maintained by the PCI SSC.

References

  1. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 31 July 2017.
  2. Wilson, Donna (20 April 2018). "PCI DSS and card brands: Standards, compliance and enforcement" (PDF). Cyber Security. 2 (1): 73–82.
  3. Moldes, Christian (Spring 2018). "Compliant but not Secure: Why PCI-Certified Companies Are Being Breached". CSIAC Journal. 6 (1).
  4. Fruhlinger, Josh (17 July 2020). "PCI DSS explained: Requirements, fines, and steps to compliance". CSO Online. Retrieved 14 February 2022.
  5. Pierangelo, R. Scott (October 2020). "Using PCI Scope to Lower Risks and Cost" (PDF). ISSA Journal: 12–17.
  6. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 14 February 2022.
  7. "EMVCo and PCI SSC Combine Expertise on 3-D Secure 2.0" (PDF) (Press release). EMVCo. 29 September 2016. Retrieved 31 July 2017.
  8. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 14 February 2022.
  9. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 31 July 2017.
  10. "The PCI Security Standards maintaining payment security". European Payments Council. Retrieved 14 February 2022.
  11. "Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards". www.pcisecuritystandards.org. Retrieved 31 July 2017.